<div dir="ltr">Bill,<div><br></div><div>It's not a theory and it doesn't have to be Chrome to work. Javascript does the work to decrypt the data and it's not browser specific. <br><br>Read the PDF I supplied that details_excatly_ how the key exchange and encryption works.</div><div><br clear="all"><div><div dir="ltr" class="gmail_signature" data-smartmail="gmail_signature"><div dir="ltr"><div><div dir="ltr"><div><div dir="ltr"><div><div dir="ltr"><div><div dir="ltr">Scott Helms<br><br></div></div></div></div></div></div></div></div></div></div></div><br></div></div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">On Sat, Jun 12, 2021 at 10:35 PM William Herrin <<a href="mailto:bill@herrin.us">bill@herrin.us</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">On Sat, Jun 12, 2021 at 3:55 PM K. Scott Helms <<a href="mailto:kscott.helms@gmail.com" target="_blank">kscott.helms@gmail.com</a>> wrote:<br>
> I don't think you're lying, but you are mistaken.<br>
><br>
> "I'm not lying. Google's server at <a href="http://passwords.google.com" rel="noreferrer" target="_blank">passwords.google.com</a><br>
> composed an html web page containing my plaintext passwords and sent<br>
> it to me. Not decrypted by my browser after combining it with a<br>
> locally stored key. "<br>
><br>
> So, you're not describing all of the possible ways to decrypt data. What's happening is that the keys to decrypt the passwords are handed to your client (with some checks like a local admin password or pin) when you attempt to decrypt a given password. The passwords _are_ decrypted on your device and you did not get a HTML page with your passwords. Please, go look at the source yourself. What you got was a page that's almost entirely javascript and that includes the functions that handle the decryption.<br>
><br>
> Don't take my word for it, "When you log in to a website while signed in to Chrome, Chrome encrypts your username and password with a secret key known only to your device. Then it sends an obscured copy of your data to Google. Because the encryption happens before Google’s servers get the information, nobody, including Google, learns your username or password."<br>
<br>
There's a problem with your theory. The browser I viewed the passwords<br>
from Google in wasn't Chrome. And it didn't have a local copy of any<br>
Google passwords or keys. The only place they could have come from was<br>
Google's server.<br>
<br>
Regards,<br>
Bill Herrin<br>
<br>
<br>
<br>
-- <br>
William Herrin<br>
<a href="mailto:bill@herrin.us" target="_blank">bill@herrin.us</a><br>
<a href="https://bill.herrin.us/" rel="noreferrer" target="_blank">https://bill.herrin.us/</a><br>
</blockquote></div>